New ‘BGP Vortex’ Vulnerability Threatens Internet Stability with Massive Routing Disruptions

According to a groundbreaking report by the Internet Society, researchers have uncovered a critical vulnerability in the Border Gateway Protocol (BGP)—the routing system essential for global Internet operations. Dubbed the ‘BGP Vortex,’ this issue could cause large-scale disruptions by flooding networks with routing updates, leading to potential outages and denial-of-service (DoS) attacks. The findings were presented at the USENIX Security 2025 conference by researchers from ETH Zürich.

What Is the BGP Vortex? Understanding the New Disruption

BGP, developed over 30 years ago, serves as the backbone of Internet infrastructure, enabling autonomous systems (ASes)—independent networks that comprise the Internet—to exchange routing information. However, researchers have long warned about its outdated design and inherent vulnerabilities.

The BGP Vortex vulnerability arises specifically from the misuse of widely implemented routing policies. It exploits three seemingly normal BGP route advertisements to trigger indefinite route oscillations. These oscillations overwhelm routers by forcing continuous route updates, drastically increasing CPU load and delaying route propagation by up to 40 seconds. In lab experiments, researchers observed communication outages lasting approximately 37 seconds—a scenario that could scale up to catastrophic levels when applied to real-world networks.

Alarmingly, the study revealed that 21 of the Internet’s 30 largest ASes are susceptible to this vulnerability. Together, these ASes control much of the Internet’s backbone, meaning a well-targeted attack could impact up to 96% of all global networks. ASes under attack could experience a flood of up to 32,000 route advertisements per second—far exceeding the typical 2.3 advertisements per second—bringing critical operations to a halt.

Industry Impact: Why the BGP Vortex Problem Demands Urgent Attention

The implications of this discovery are massive for the telecom and networking sectors. BGP vulnerabilities have long been a problem, but the BGP Vortex presents a new level of threat in an increasingly interconnected world. It could disrupt everything from financial transactions to cloud services, creating ripple effects across all industries reliant on the Internet.

To put this in perspective, recent data from the Internet Society highlights that BGP-related outages already cost industries billions annually. For example, in 2021, Facebook experienced a BGP misconfiguration that caused a global outage, disrupting communication for over 3.5 billion users and resulting in estimated losses of $65 million per hour. A targeted BGP Vortex attack could potentially be even more devastating, affecting critical sectors like healthcare, e-commerce, and government operations.

Compounding the risk is the rise of state-sponsored cyberattacks. Governments or attackers leveraging BGP vulnerabilities could launch highly effective DoS attacks, crippling international connectivity and undermining geopolitical stability. Competing network technologies, such as Software-Defined Networking (SDN), may also be affected indirectly by cascading routing failures.

Looking Ahead: Mitigation and Expert Perspectives

Fortunately, researchers from ETH Zürich have proposed partial solutions to counter the BGP Vortex. These include implementing controls to prevent the critical ‘priority inversion’ mechanism that triggers oscillations and adopting more robust routing rules. However, as the vulnerability stems from standard practices embedded within networks over decades, significant coordination and long-term collaboration across the telecom industry will be needed to achieve widespread mitigation.

Experts agree that the telecom sector must prioritize investment in securing routing protocols. According to Dr. Adrian Perrig, a professor at ETH Zürich supervising the study, “While short-term fixes are possible, the root problem lies in the outdated architecture of BGP itself. A fundamental rethinking of Internet routing mechanisms is necessary to ensure long-term stability.” Efforts such as the Resource Public Key Infrastructure (RPKI) and MANRS (Mutually Agreed Norms for Routing Security) initiatives are gaining traction, but time will tell if they can keep pace with emerging threats like the BGP Vortex.

Industry collaboration between Internet service providers, cybersecurity firms, and policymakers is crucial to establish a more resilient Internet infrastructure. Failure to address these vulnerabilities could lead to devastating economic and operational impacts on a global scale.

What Do You Think?

The discovery of the BGP Vortex serves as a wake-up call to re-evaluate the standards that underpin the Internet. With global implications across industries, do you think governments and tech leaders will take adequate action in time? Share your thoughts in the comments below.

Original source: Internet Society